A very old script I wrote aeons ago recovered from google's cache.
And don't kill me if the script is sloppy or you could do the same in a single line.
#!/bin/bash
#runchks.sh
CHKROOTKIT=/usr/local/chkrootkit-x.xx/chkrootkit
CURRENTSTATUS=/usr/local/runchks/status.txt
if [ -s $CURRENTSTATUS ]
then
rm -f $CURRENTSTATUS
fi
cd `echo "$CHKROOTKIT" | sed 's/[^/]*$//'`
echo `pwd`
$CHKROOTKIT |tee -a $CURRENTSTATUS
exec 6<&0
exec < $CURRENTSTATUS
while read LINE
do
teststring=`echo $LINE | grep INFECTED`
lengthstring=`echo $teststring | awk '{print length($0)}'`
if [ $lengthstring -ge 1 ]
then
$CURRENTSTATUS | /usr/sbin/sendmail tech@yourdomainname
exec 0<&6
echo $lengthstring
echo "Error Message : $teststring"
echo "Exiting after mailing tech"
exit 0
fi
# More Tests on analyzing the results may be included here
done
#End of runchks.sh
#and the corresponding crontab entry has to be appended to the root's
crontab in /var/spool/cron/root using crontab -e
4 * * * * /usr/local/runchks/runchks.sh --interval 04h > /usr/local/runchks/runchks.log 2>&1
Post new comment